VYPR

CWE-862

Missing Authorization

Abstraction: Class · Status: Incomplete · Likelihood of exploit: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 14 of 278
  • CVE-2024-37232 · High · Nov 1, 2024
    Risk 0.57 · CVSS 8.8 · EPSS 0.00

    Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hercules Core: from n/a through 6.5.

  • CVE-2020-36837 · Critical · Oct 16, 2024
    Risk 0.57 · CVSS 9.9 · EPSS 0.01

    The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database.…

  • CVE-2024-47790 · High · Oct 4, 2024
    Risk 0.57 · CVSS: none listed · EPSS 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol (RTSP) version for live video streaming. A remote attacker could exploit this vulnerability by crafting an RTSP packet leading to…

  • CVE-2024-43247 · High · Aug 19, 2024
    Risk 0.57 · CVSS 8.8 · EPSS 0.00

    Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WHMpress: from n/a through 6.2-revision-5.

  • CVE-2024-6328 · Critical · Jul 12, 2024
    Risk 0.57 · CVSS 9.8 · EPSS 0.01

    The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebase_sms_login' and…

  • CVE-2024-4223 · Critical · May 16, 2024
    Risk 0.57 · CVSS 9.8 · EPSS 0.01

    The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add,…

  • CVE-2023-51515 · High · Apr 12, 2024
    Risk 0.57 · CVSS 8.8 · EPSS 0.01

    Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation. This issue affects Uncode Core: from n/a through 2.8.8.

  • CVE-2024-1710 · High · Feb 26, 2024
    Risk 0.57 · CVSS 8.8 · EPSS 0.01

    The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2020-36698 · High · Oct 20, 2023
    Risk 0.57 · CVSS 8.8 · EPSS 0.01

    The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative…

  • CVE-2023-3956 · Critical · Jul 27, 2023
    Risk 0.57 · CVSS 9.8 · EPSS 0.01

    The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated…

  • CVE-2021-4337 · High · Jun 7, 2023
    Risk 0.57 · CVSS 8.8 · EPSS 0.01

    Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2021-4361 · High · Jun 7, 2023
    Risk 0.57 · CVSS 8.8 · EPSS 0.01

    The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update…

  • CVE-2020-36725 · High · Jun 7, 2023
    Risk 0.57 · CVSS 8.8 · EPSS 0.01

    The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for…

  • CVE-2019-25142 · High · Jun 7, 2023
    Risk 0.57 · CVSS 8.8 · EPSS 0.01

    The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including, 1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to the 'companion_disable_popup' function only checking the nonce while sending user input to the…

  • CVE-2022-4935 · High · Apr 5, 2023
    Risk 0.57 · CVSS 8.8 · EPSS 0.01

    The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions…

  • CVE-2021-4331 · High · Mar 7, 2023
    Risk 0.57 · CVSS 8.8 · EPSS 0.01

    The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builder's functionality. As part of the registration form, users can…

  • CVE-2022-31765 · High · Oct 11, 2022
    Risk 0.57 · CVSS 8.8 · EPSS 0.01

    Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.

  • CVE-2018-2461 · High · Sep 11, 2018
    Risk 0.57 · CVSS 8.8 · EPSS 0.01

    Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges.

  • CVE-2018-2455 · High · Sep 11, 2018
    Risk 0.57 · CVSS 8.8 · EPSS 0.01

    SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

  • CVE-2018-2454 · High · Sep 11, 2018
    Risk 0.57 · CVSS 8.8 · EPSS 0.01

    SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.